Skip to content

Pull requests: Yara-Rules/rules

New pull request New
23 Open 237 Closed
23 Open 237 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Add Arsenal-237 ransomware suite detection rules (enc_c2, new_enc, full_test_enc, dec_fixed, nethost, chromelevator)
#457 opened Feb 14, 2026 by PixelatedContinuum Loading…
Add Arsenal-237 BYOVD toolkit detection rules (BdApiUtil64.sys, killer.dll, lpe.exe, rootkit.dll)
#456 opened Feb 14, 2026 by PixelatedContinuum Loading…
Add Kurinium RAT detection rules (Discord-based Rust RAT)
#455 opened Jan 29, 2026 by MidasRX Loading…
Docs: Add missing description for 'utils' category to README
#454 opened Dec 16, 2025 by jfgmesquita Loading…
1
Add .yar to detect a stupid malware written in python
#453 opened Nov 22, 2025 by rf-peixoto Loading…
Added .yar to cover CVE_2025_48384
#452 opened Sep 15, 2025 by vinieger Loading…
add XMRig rules for KIC
#448 opened Jan 10, 2025 by mrwanny Loading…
Msan locker.yar
#447 opened Dec 4, 2024 by deathrobotpunch Draft
Add Dridex shellcode stager yara rule
#446 opened Nov 14, 2024 by harryeetsource Loading…
Update RIPEMD detection to use round constants.
#443 opened Mar 19, 2024 by Ek0n Loading…
1
Create MALW_ChromePolish.yar
#442 opened Jan 2, 2024 by malienist Loading…
Create MALW_darkgate.yar
#441 opened Dec 11, 2023 by malienist Loading…
Update CVE-2017-11882.yar
#440 opened Nov 20, 2023 by k0ko380 Loading…
Create Volt Typhoon_crowd_strike_rules
#438 opened Jul 12, 2023 by skirankumar Loading…
Add ed25519 rule
#436 opened Jun 19, 2023 by tobhe Loading…
Added rule: dotnet_binary_file
#435 opened Apr 5, 2023 by CYB3RMX Loading…
Update index_gen.sh
#432 opened Dec 10, 2022 by Pierre-Gronau-ndaal Loading…
False Positives - PDF Trailer Rule (invalid_trailer_structure)
#431 opened Jun 30, 2022 by mnalis Loading…
Go language PE and ELF detections
#430 opened Jun 16, 2022 by RandomRhythm Loading…
1
Add SM4 rules
#428 opened May 12, 2022 by sylvainpelissier Loading…
Create CVE-2022-0847.yar
#427 opened Apr 3, 2022 by vittring Loading…
3
Add Ryuk ransomware detection & Update index
#414 opened Jul 17, 2021 by sidahmed-malaoui Loading…
1
Disable PEiD Armadillo packer false positive
#350 opened May 21, 2019 by wesinator Loading…
2
ProTip! Exclude everything labeled bug with -label:bug.